This cleans up the lingering pointer, adapter->client, during powering
off the adapter. The crash occurs when a D-Bus client set Powered
property to false and immediately calls StopDiscovery() when there is
ongoing discovery. As a part of powering off the adapter,
adapter->discovery_list gets cleared, and given that adapter->client
refers to one of the clients in adapter->discovery_list, adapter->client
should be cleared along with it.
Reviewed-by: Alain Michaud <alainm@xxxxxxxxxxxx>
Reviewed-by: Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx>
---
src/adapter.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/adapter.c b/src/adapter.c
index c0053000a..74bfb0448 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -1507,8 +1507,10 @@ static void discovery_free(void *user_data)
client->discovery_filter = NULL;
}
- if (client->msg)
+ if (client->msg) {
dbus_message_unref(client->msg);
+ client->msg = NULL;
+ }
g_free(client->owner);
g_free(client);
@@ -5301,6 +5303,19 @@ static void free_service_auth(gpointer data, gpointer user_data)
static void remove_discovery_list(struct btd_adapter *adapter)
{
+ DBusMessage *msg;
+
+ if (adapter->client) {
+ msg = adapter->client->msg;
+ if (msg) {
+ g_dbus_send_message(dbus_conn, btd_error_busy(msg));
+ dbus_message_unref(msg);
+ adapter->client->msg = NULL;
+ }
+
+ adapter->client = NULL;
+ }
+
g_slist_free_full(adapter->set_filter_list, discovery_free);
adapter->set_filter_list = NULL;
--
2.26.2
